Merge branch 'master' into feat/issue-994-two-factor-api

nextcloud · Nov 29, 2024 · 78e280f · 78e280f
2 parents 207f5cd + a4c3e0c
commit 78e280f
Show file tree

Hide file tree

Showing 442 changed files with 6,221 additions and 4,412 deletions.
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
@@ -162,7 +162,7 @@ jobs:
 
       - name: Create data dir archive
         if: failure() && matrix.containers != 'component'
-        run: docker exec nextcloud-cypress-tests-server tar -cvjf - data > data.tar
+        run: docker exec nextcloud-cypress-tests_server tar -cvjf - data > data.tar
 
       - name: Upload data dir archive
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3

diff --git a/.github/workflows/files-external-smb-kerberos.yml b/.github/workflows/files-external-smb-kerberos.yml
@@ -53,6 +53,12 @@ jobs:
           repository: nextcloud/user_saml
           path: apps/user_saml
 
+      - name: Install user_saml
+        run: |
+          cd apps/user_saml
+          composer i
+          cd ../..
+
       - name: Pull images
         run: |
           docker pull ghcr.io/icewind1991/samba-krb-test-dc

diff --git a/apps/dav/composer/composer/autoload_classmap.php b/apps/dav/composer/composer/autoload_classmap.php
@@ -276,7 +276,7 @@
     'OCA\\DAV\\Events\\SubscriptionUpdatedEvent' => $baseDir . '/../lib/Events/SubscriptionUpdatedEvent.php',
     'OCA\\DAV\\Exception\\ServerMaintenanceMode' => $baseDir . '/../lib/Exception/ServerMaintenanceMode.php',
     'OCA\\DAV\\Exception\\UnsupportedLimitOnInitialSyncException' => $baseDir . '/../lib/Exception/UnsupportedLimitOnInitialSyncException.php',
-    'OCA\\DAV\\Files\\ErrorPagePlugin' => $baseDir . '/../lib/Files/ErrorPagePlugin.php',
+    'OCA\\DAV\\Files\\BrowserErrorPagePlugin' => $baseDir . '/../lib/Files/BrowserErrorPagePlugin.php',
     'OCA\\DAV\\Files\\FileSearchBackend' => $baseDir . '/../lib/Files/FileSearchBackend.php',
     'OCA\\DAV\\Files\\FilesHome' => $baseDir . '/../lib/Files/FilesHome.php',
     'OCA\\DAV\\Files\\LazySearchBackend' => $baseDir . '/../lib/Files/LazySearchBackend.php',

diff --git a/apps/dav/composer/composer/autoload_static.php b/apps/dav/composer/composer/autoload_static.php
@@ -291,7 +291,7 @@ class ComposerStaticInitDAV
         'OCA\\DAV\\Events\\SubscriptionUpdatedEvent' => __DIR__ . '/..' . '/../lib/Events/SubscriptionUpdatedEvent.php',
         'OCA\\DAV\\Exception\\ServerMaintenanceMode' => __DIR__ . '/..' . '/../lib/Exception/ServerMaintenanceMode.php',
         'OCA\\DAV\\Exception\\UnsupportedLimitOnInitialSyncException' => __DIR__ . '/..' . '/../lib/Exception/UnsupportedLimitOnInitialSyncException.php',
-        'OCA\\DAV\\Files\\ErrorPagePlugin' => __DIR__ . '/..' . '/../lib/Files/ErrorPagePlugin.php',
+        'OCA\\DAV\\Files\\BrowserErrorPagePlugin' => __DIR__ . '/..' . '/../lib/Files/BrowserErrorPagePlugin.php',
         'OCA\\DAV\\Files\\FileSearchBackend' => __DIR__ . '/..' . '/../lib/Files/FileSearchBackend.php',
         'OCA\\DAV\\Files\\FilesHome' => __DIR__ . '/..' . '/../lib/Files/FilesHome.php',
         'OCA\\DAV\\Files\\LazySearchBackend' => __DIR__ . '/..' . '/../lib/Files/LazySearchBackend.php',

diff --git a/apps/dav/l10n/pl.js b/apps/dav/l10n/pl.js
@@ -36,7 +36,7 @@ OC.L10N.register(
     "You moved event {event} from calendar {sourceCalendar} to calendar {targetCalendar}" : "Przeniosłeś wydarzenie {event} z kalendarza {sourceCalendar} do kalendarza {targetCalendar}",
     "{actor} restored event {event} of calendar {calendar}" : "{actor} przywrócił wydarzenie {event} z kalendarza {calendar}",
     "You restored event {event} of calendar {calendar}" : "Przywróciłeś wydarzenie {event} z kalendarza {calendar}",
-    "Busy" : "Czekaj",
+    "Busy" : "Zajęty",
     "{actor} created to-do {todo} in list {calendar}" : "{actor} utworzył zadanie {todo} na liście {calendar}",
     "You created to-do {todo} in list {calendar}" : "Utworzyłeś zadanie {todo} na liście {calendar}",
     "{actor} deleted to-do {todo} from list {calendar}" : "{actor} usunął zadanie {todo} z listy {calendar}",
@@ -72,6 +72,7 @@ OC.L10N.register(
     "Description: %s" : "Opis: %s",
     "Where: %s" : "Gdzie: %s",
     "%1$s via %2$s" : "%1$s przez %2$s",
+    "Could not generate when statement" : "Nie można wygenerować instrukcji when",
     "Every Day for the entire day" : "Codziennie przez cały dzień",
     "Could not generate event recurrence statement" : "Nie można wygenerować zestawienia powtórzeń zdarzenia",
     "Could not generate next recurrence statement" : "Nie można wygenerować następnej instrukcji powtarzania",
@@ -91,7 +92,7 @@ OC.L10N.register(
     "Title:" : "Tytuł:",
     "When:" : "Kiedy:",
     "Location:" : "Lokalizacja:",
-    "Link:" : "Link: ",
+    "Link:" : "Odnośnik: ",
     "Occurring:" : "Występujący:",
     "Accept" : "Akceptuj",
     "Decline" : "Odrzuć",
@@ -117,7 +118,13 @@ OC.L10N.register(
     "November" : "Listopad",
     "December" : "Grudzień",
     "First" : "Pierwsza",
+    "Second" : "Druga",
+    "Third" : "Trzecia",
+    "Fourth" : "Czwarta",
+    "Fifty" : "Piąta",
     "Last" : "Ostatnia",
+    "Second Last" : "Druga ostatnia",
+    "Third Last" : "Trzecia ostatnia",
     "Fourth Last" : "Czwarty ostatni",
     "Fifty Last" : "Pięćdziesiąt Ostatni",
     "Contacts" : "Kontakty",
@@ -187,6 +194,7 @@ OC.L10N.register(
     "WebDAV" : "WebDAV",
     "First day" : "Pierwszy dzień",
     "Last day (inclusive)" : "Ostatni dzień (inclusive)",
+    "Out of office replacement (optional)" : "Zamiennik poza biurem (opcjonalnie)",
     "Name of the replacement" : "Nazwa zamiennika",
     "No results." : "Brak wyników.",
     "Start typing." : "Zacznij pisać.",

diff --git a/apps/dav/l10n/pl.json b/apps/dav/l10n/pl.json
@@ -34,7 +34,7 @@
     "You moved event {event} from calendar {sourceCalendar} to calendar {targetCalendar}" : "Przeniosłeś wydarzenie {event} z kalendarza {sourceCalendar} do kalendarza {targetCalendar}",
     "{actor} restored event {event} of calendar {calendar}" : "{actor} przywrócił wydarzenie {event} z kalendarza {calendar}",
     "You restored event {event} of calendar {calendar}" : "Przywróciłeś wydarzenie {event} z kalendarza {calendar}",
-    "Busy" : "Czekaj",
+    "Busy" : "Zajęty",
     "{actor} created to-do {todo} in list {calendar}" : "{actor} utworzył zadanie {todo} na liście {calendar}",
     "You created to-do {todo} in list {calendar}" : "Utworzyłeś zadanie {todo} na liście {calendar}",
     "{actor} deleted to-do {todo} from list {calendar}" : "{actor} usunął zadanie {todo} z listy {calendar}",
@@ -70,6 +70,7 @@
     "Description: %s" : "Opis: %s",
     "Where: %s" : "Gdzie: %s",
     "%1$s via %2$s" : "%1$s przez %2$s",
+    "Could not generate when statement" : "Nie można wygenerować instrukcji when",
     "Every Day for the entire day" : "Codziennie przez cały dzień",
     "Could not generate event recurrence statement" : "Nie można wygenerować zestawienia powtórzeń zdarzenia",
     "Could not generate next recurrence statement" : "Nie można wygenerować następnej instrukcji powtarzania",
@@ -89,7 +90,7 @@
     "Title:" : "Tytuł:",
     "When:" : "Kiedy:",
     "Location:" : "Lokalizacja:",
-    "Link:" : "Link: ",
+    "Link:" : "Odnośnik: ",
     "Occurring:" : "Występujący:",
     "Accept" : "Akceptuj",
     "Decline" : "Odrzuć",
@@ -115,7 +116,13 @@
     "November" : "Listopad",
     "December" : "Grudzień",
     "First" : "Pierwsza",
+    "Second" : "Druga",
+    "Third" : "Trzecia",
+    "Fourth" : "Czwarta",
+    "Fifty" : "Piąta",
     "Last" : "Ostatnia",
+    "Second Last" : "Druga ostatnia",
+    "Third Last" : "Trzecia ostatnia",
     "Fourth Last" : "Czwarty ostatni",
     "Fifty Last" : "Pięćdziesiąt Ostatni",
     "Contacts" : "Kontakty",
@@ -185,6 +192,7 @@
     "WebDAV" : "WebDAV",
     "First day" : "Pierwszy dzień",
     "Last day (inclusive)" : "Ostatni dzień (inclusive)",
+    "Out of office replacement (optional)" : "Zamiennik poza biurem (opcjonalnie)",
     "Name of the replacement" : "Nazwa zamiennika",
     "No results." : "Brak wyników.",
     "Start typing." : "Zacznij pisać.",

diff --git a/apps/dav/lib/CalDAV/CalDavBackend.php b/apps/dav/lib/CalDAV/CalDavBackend.php
@@ -3569,9 +3569,9 @@ protected function purgeCalendarInvitations(int $calendarId): void {
 		// delete all links that match object uid's
 		$cmd = $this->db->getQueryBuilder();
 		$cmd->delete($this->dbObjectInvitationsTable)
-			->where($cmd->expr()->in('uid', $cmd->createNamedParameter('uids'), IQueryBuilder::PARAM_STR_ARRAY));
-		foreach (array_chunk($allIds, 1000) as $chunckIds) {
-			$cmd->setParameter('uids', $chunckIds, IQueryBuilder::PARAM_INT_ARRAY);
+			->where($cmd->expr()->in('uid', $cmd->createParameter('uids'), IQueryBuilder::PARAM_STR_ARRAY));
+		foreach (array_chunk($allIds, 1000) as $chunkIds) {
+			$cmd->setParameter('uids', $chunkIds, IQueryBuilder::PARAM_STR_ARRAY);
 			$cmd->executeStatement();
 		}
 	}
@@ -3588,7 +3588,7 @@ protected function purgeCalendarInvitations(int $calendarId): void {
 	protected function purgeObjectInvitations(string $eventId): void {
 		$cmd = $this->db->getQueryBuilder();
 		$cmd->delete($this->dbObjectInvitationsTable)
-			->where($cmd->expr()->eq('uid', $cmd->createNamedParameter($eventId)));
+			->where($cmd->expr()->eq('uid', $cmd->createNamedParameter($eventId, IQueryBuilder::PARAM_STR), IQueryBuilder::PARAM_STR));
 		$cmd->executeStatement();
 	}
 }
diff --git a/apps/dav/lib/Connector/Sabre/BlockLegacyClientPlugin.php b/apps/dav/lib/Connector/Sabre/BlockLegacyClientPlugin.php
@@ -49,14 +49,26 @@ public function beforeHandler(RequestInterface $request) {
 			return;
 		}
 
-		$minimumSupportedDesktopVersion = $this->config->getSystemValue('minimum.supported.desktop.version', '2.3.0');
+		$minimumSupportedDesktopVersion = $this->config->getSystemValueString('minimum.supported.desktop.version', '2.3.0');
+		$maximumSupportedDesktopVersion = $this->config->getSystemValueString('maximum.supported.desktop.version', '99.99.99');
+
+		// Check if the client is a desktop client
 		preg_match(IRequest::USER_AGENT_CLIENT_DESKTOP, $userAgent, $versionMatches);
-		if (isset($versionMatches[1]) &&
-			version_compare($versionMatches[1], $minimumSupportedDesktopVersion) === -1) {
+
+		// If the client is a desktop client and the version is too old, block it
+		if (isset($versionMatches[1]) && version_compare($versionMatches[1], $minimumSupportedDesktopVersion) === -1) {
 			$customClientDesktopLink = htmlspecialchars($this->themingDefaults->getSyncClientUrl());
 			$minimumSupportedDesktopVersion = htmlspecialchars($minimumSupportedDesktopVersion);
 
 			throw new \Sabre\DAV\Exception\Forbidden("This version of the client is unsupported. Upgrade to <a href=\"$customClientDesktopLink\">version $minimumSupportedDesktopVersion or later</a>.");
 		}
+
+		// If the client is a desktop client and the version is too new, block it
+		if (isset($versionMatches[1]) && version_compare($versionMatches[1], $maximumSupportedDesktopVersion) === 1) {
+			$customClientDesktopLink = htmlspecialchars($this->themingDefaults->getSyncClientUrl());
+			$maximumSupportedDesktopVersion = htmlspecialchars($maximumSupportedDesktopVersion);
+
+			throw new \Sabre\DAV\Exception\Forbidden("This version of the client is unsupported. Downgrade to <a href=\"$customClientDesktopLink\">version $maximumSupportedDesktopVersion or earlier</a>.");
+		}
 	}
 }
diff --git a/apps/dav/lib/Connector/Sabre/Server.php b/apps/dav/lib/Connector/Sabre/Server.php
@@ -7,6 +7,9 @@
  */
 namespace OCA\DAV\Connector\Sabre;
 
+use Sabre\DAV\Exception;
+use Sabre\DAV\Version;
+
 /**
  * Class \OCA\DAV\Connector\Sabre\Server
  *
@@ -26,9 +29,11 @@ public function __construct($treeOrNode = null) {
 		$this->enablePropfindDepthInfinity = true;
 	}
 
-	// Copied from 3rdparty/sabre/dav/lib/DAV/Server.php
-	// Should be them exact same without the exception output.
-	public function start(): void {
+	/**
+	 *
+	 * @return void
+	 */
+	public function start() {
 		try {
 			// If nginx (pre-1.2) is used as a proxy server, and SabreDAV as an
 			// origin, we must make sure we send back HTTP/1.0 if this was
@@ -42,10 +47,74 @@ public function start(): void {
 			$this->httpRequest->setBaseUrl($this->getBaseUri());
 			$this->invokeMethod($this->httpRequest, $this->httpResponse);
 		} catch (\Throwable $e) {
+			if ($e instanceof \TypeError) {
+				/*
+				 * The TypeError includes the file path where the error occurred,
+				 * potentially revealing the installation directory.
+				 *
+				 * By re-throwing the exception, we ensure that the
+				 * default exception handler processes it.
+				 */
+				throw $e;
+			}
+
 			try {
 				$this->emit('exception', [$e]);
 			} catch (\Exception $ignore) {
 			}
+
+			$DOM = new \DOMDocument('1.0', 'utf-8');
+			$DOM->formatOutput = true;
+
+			$error = $DOM->createElementNS('DAV:', 'd:error');
+			$error->setAttribute('xmlns:s', self::NS_SABREDAV);
+			$DOM->appendChild($error);
+
+			$h = function ($v) {
+				return htmlspecialchars((string)$v, ENT_NOQUOTES, 'UTF-8');
+			};
+
+			if (self::$exposeVersion) {
+				$error->appendChild($DOM->createElement('s:sabredav-version', $h(Version::VERSION)));
+			}
+
+			$error->appendChild($DOM->createElement('s:exception', $h(get_class($e))));
+			$error->appendChild($DOM->createElement('s:message', $h($e->getMessage())));
+			if ($this->debugExceptions) {
+				$error->appendChild($DOM->createElement('s:file', $h($e->getFile())));
+				$error->appendChild($DOM->createElement('s:line', $h($e->getLine())));
+				$error->appendChild($DOM->createElement('s:code', $h($e->getCode())));
+				$error->appendChild($DOM->createElement('s:stacktrace', $h($e->getTraceAsString())));
+			}
+
+			if ($this->debugExceptions) {
+				$previous = $e;
+				while ($previous = $previous->getPrevious()) {
+					$xPrevious = $DOM->createElement('s:previous-exception');
+					$xPrevious->appendChild($DOM->createElement('s:exception', $h(get_class($previous))));
+					$xPrevious->appendChild($DOM->createElement('s:message', $h($previous->getMessage())));
+					$xPrevious->appendChild($DOM->createElement('s:file', $h($previous->getFile())));
+					$xPrevious->appendChild($DOM->createElement('s:line', $h($previous->getLine())));
+					$xPrevious->appendChild($DOM->createElement('s:code', $h($previous->getCode())));
+					$xPrevious->appendChild($DOM->createElement('s:stacktrace', $h($previous->getTraceAsString())));
+					$error->appendChild($xPrevious);
+				}
+			}
+
+			if ($e instanceof Exception) {
+				$httpCode = $e->getHTTPCode();
+				$e->serialize($this, $error);
+				$headers = $e->getHTTPHeaders($this);
+			} else {
+				$httpCode = 500;
+				$headers = [];
+			}
+			$headers['Content-Type'] = 'application/xml; charset=utf-8';
+
+			$this->httpResponse->setStatus($httpCode);
+			$this->httpResponse->setHeaders($headers);
+			$this->httpResponse->setBody($DOM->saveXML());
+			$this->sapi->sendResponse($this->httpResponse);
 		}
 	}
 }
diff --git a/apps/dav/lib/Connector/Sabre/ServerFactory.php b/apps/dav/lib/Connector/Sabre/ServerFactory.php
@@ -12,7 +12,7 @@
 use OCA\DAV\CalDAV\DefaultCalendarValidator;
 use OCA\DAV\DAV\CustomPropertiesBackend;
 use OCA\DAV\DAV\ViewOnlyPlugin;
-use OCA\DAV\Files\ErrorPagePlugin;
+use OCA\DAV\Files\BrowserErrorPagePlugin;
 use OCA\Theming\ThemingDefaults;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Folder;
@@ -90,7 +90,9 @@ public function createServer(string $baseUri,
 			$server->addPlugin(new FakeLockerPlugin());
 		}
 
-		$server->addPlugin(new ErrorPagePlugin($this->request, $this->config));
+		if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
+			$server->addPlugin(new BrowserErrorPagePlugin());
+		}
 
 		// wait with registering these until auth is handled and the filesystem is setup
 		$server->on('beforeMethod:*', function () use ($server, $objectTree, $viewCallBack): void {